Upstream information
Description
Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action.SUSE information
Overall state of this security issue: Does not affect SUSE products
No SUSE Bugzilla entries cross referenced.SUSE Security Advisories:
- TID7017429, published Sa 3. Mär 12:03:32 CET 2018
SUSE Timeline for this CVE
CVE page created: Fri Apr 22 16:15:59 2016CVE page last modified: Tue Jul 1 12:27:03 2025